DMO Ransomware

By GoldSparrow in Ransomware

Cybersecurity experts who specialize in spotting ransomware threats have recently come across a new data-locking Trojan, which they named DMO Ransomware. The DMO Ransomware does not appear to be a variant of any of the popular ransomware threats that have been plaguing the Internet.

Malware researchers have not been able to confirm which infection vector is used to propagate the DMO Ransomware. However, there has been speculation that the creators of this file-encrypting Trojan may be spreading it through emails containing a corrupted file, infected pirated applications, and bogus software updates.

The DMO Ransomware scans the system as soon as it manages to infiltrate it. The scan determines the locations of the files that the DMO Ransomware will lock. Then, the encryption process begins. The DMO Ransomware alters the names of the files it encrypts by adding a ‘.dmo’ extension to them. If you had a file called ‘spring-grass.jpeg,’ the DMO Ransomware would change it to ‘spring-grass.jpeg.dmo’ and you would no longer be able to use it in any capacity.

The next step is dropping the ransom note. The DMO Ransomware’s ransom note is named ‘HOW_TO_RETURN_FILES.txt.’ Using all caps when naming a ransom note is not an uncommon practice, as it reduces the chances of the victim overlooking the message that the attackers are trying to convey. The note begins with ‘Dear manager,’ and the attackers go on to explain what has occurred. They claim that they have used the AES-256 encryption algorithm to lock the victim’s data. The attackers offer to decrypt one file free of charge to prove that they have a decryption tool available. The only requirement is that the file does not exceed 500kB in size. The authors of the DMO Ransomware provide an email address where they are to be contacted –

We strongly advise you not to get in touch with the authors of malware in general. You cannot trust such individuals. Instead, make sure you download and install a reputable anti-malware application that will clear your system of the DMO Ransomware.
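To scope which folders were affected before cleanup, the two file-system indicators described above (the appended ‘.dmo’ extension and the ‘HOW_TO_RETURN_FILES.txt’ note) can be searched for directly. The following is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration, and it assumes locked files originally had an extension, as in the ‘spring-grass.jpeg’ example.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "how_to_return_files.txt"  # ransom note name given in the article
LOCKED_EXT = ".dmo"                    # appended extension given in the article


def is_locked_name(filename):
    """True for names like 'spring-grass.jpeg.dmo', where '.dmo' follows an
    existing extension. A bare 'plugin.dmo' is not counted (assumption: the
    original file had its own extension, as in the article's example)."""
    stem, ext = os.path.splitext(filename)
    return ext.lower() == LOCKED_EXT and os.path.splitext(stem)[1] != ""


def triage(root):
    """Walk root and return {directory: {'locked': [...], 'note': bool}}
    for every directory that contains at least one indicator."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif is_locked_name(name):
                hits[dirpath]["locked"].append(name)
    return dict(hits)


def build_sample_tree(root):
    """Constructed sample data: empty files, names only."""
    layout = {
        "docs": ["spring-grass.jpeg.dmo", "budget.xlsx.dmo",
                 "HOW_TO_RETURN_FILES.txt"],
        "clean": ["notes.txt", "photo.jpeg"],
        "tools": ["plugin.dmo"],  # bare .dmo, not the appended pattern
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in sorted(triage(tmp).items()):
            flag = "note present" if info["note"] else "no note"
            print(directory, flag, sorted(info["locked"]))
```

Run against a real path by calling `triage()` on it; the list of affected directories also tells you which folders to restore from backup.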
